[ol8_MODRHCK] kernel-headers-4.18.0-553.69.1.0.1.el8_10.x86_64

Name:	kernel-headers
Version:	4.18.0
Release:	553.69.1.0.1.el8_10
Architecture:	x86_64
Group:	Development/System
Size:	5653930
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-headers-4.18.0-553.69.1.0.1.el8_10.x86_64.rpm
Source RPM:	kernel-4.18.0-553.69.1.0.1.el8_10.src.rpm
Build Date:	Mon Aug 11 2025
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	Header files for the Linux kernel for use by glibc
Description:	Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

Changelog (Show File list) (Show related packages)

Mon Aug 11 2025 Darren Archibald <darren.archibald@oracle.com> [4.18.0-553.69.1.0.1.el8_10.OL8]

- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

Mon Aug 11 2025 Darren Archibald <darren.archibald@oracle.com> [4.18.0-553.69.1.el8_10.OL8]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

Thu Aug 07 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.69.1.el8_10]

- Revert "sch_htb: make htb_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
- Revert "sch_drr: make drr_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
- Revert "sch_qfq: make qfq_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]
- Revert "codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()" (Denys Vlasenko) [RHEL-108140]
- Revert "sch_htb: make htb_deactivate() idempotent" (Denys Vlasenko) [RHEL-108140]
- Revert "net/sched: Always pass notifications when child class becomes empty" (Denys Vlasenko) [RHEL-108140]
- Revert "sch_cbq: make cbq_qlen_notify() idempotent" (Denys Vlasenko) [RHEL-108140]

Mon Aug 04 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.68.1.el8_10]

- ipv6: mcast: extend RCU protection in igmp6_send() (Hangbin Liu) [RHEL-102392] {CVE-2025-21759}
- md/md-bitmap: move bitmap_{start, end}write to md upper layer (Nigel Croxon) [RHEL-57991]
- md/raid5: implement pers->bitmap_sector() (Nigel Croxon) [RHEL-57991]
- md: add a new callback pers->bitmap_sector() (Nigel Croxon) [RHEL-57991]
- md/md-bitmap: remove the last parameter for bimtap_ops->endwrite() (Nigel Croxon) [RHEL-57991]
- md/md-bitmap: factor behind write counters out from bitmap_{start/end}write() (Nigel Croxon) [RHEL-57991]
- md/raid5: recheck if reshape has finished with device_lock held (Nigel Croxon) [RHEL-57991]
- md/md-linear: enable io accounting (Nigel Croxon) [RHEL-59928]
- md/md-multipath: enable io accounting (Nigel Croxon) [RHEL-59928]
- md/raid10: switch to use md_account_bio() for io accounting (Nigel Croxon) [RHEL-59928]
- md/raid1: switch to use md_account_bio() for io accounting (Nigel Croxon) [RHEL-59928]
- raid5: fix missing io accounting in raid5_align_endio() (Nigel Croxon) [RHEL-59928]
- md: also clone new io if io accounting is disabled (Nigel Croxon) [RHEL-59928]
- sch_cbq: make cbq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376]
- net/sched: Always pass notifications when child class becomes empty (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- sch_htb: make htb_deactivate() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- sch_qfq: make qfq_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- sch_drr: make drr_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- sch_htb: make htb_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93376] {CVE-2025-38350}
- can: peak_usb: fix use after free bugs (CKI Backport Bot) [RHEL-99447] {CVE-2021-47670}
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CKI Backport Bot) [RHEL-103141] {CVE-2025-38159}
- net/ipv6: release expired exception dst cached in socket (Guillaume Nault) [RHEL-105794] {CVE-2024-56644}

Thu Jul 31 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.67.1.el8_10]

- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
- mm/khugepaged: fix GUP-fast interaction by sending IPI (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
- mm/khugepaged: take the right locks for page table retraction (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
- mm/khugepaged: unify collapse pmd clear, flush and free (Rafael Aquini) [RHEL-101233] {CVE-2025-38085}
- padata: fix UAF in padata_reorder (Waiman Long) [RHEL-101398] {CVE-2025-21727}
- redhat: update BUILD_TARGET to rhel-8.10.0-z-test-pesign (Jan Stancek)
- ftrace: Clean up hash direct_functions on register failures (Gregory Bell) [RHEL-103912]

Mon Jul 28 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.66.1.el8_10]

- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890}
- sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415]
- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079}
- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077}
- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698]
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698]
- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680}
- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095}
- smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698]
- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079]
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052}
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020}
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928}

Thu Jul 24 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.65.1.el8_10]

- x86/alternatives: avoid mapping FIX_TEXT_POKE1 page when it is not required (Rafael Aquini) [RHEL-95422]
- ext4: avoid resizing to a partial cluster size (CKI Backport Bot) [RHEL-101423] {CVE-2022-50020}

Wed Jul 23 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.64.1.el8_10]

- sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CKI Backport Bot) [RHEL-100387] {CVE-2025-21919}
- NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (Benjamin Coddington) [RHEL-86256]
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (CKI Backport Bot) [RHEL-102133] {CVE-2022-49977}
- wifi: iwlwifi: limit printed string from FW file (CKI Backport Bot) [RHEL-99367] {CVE-2025-21905}
- workqueue: Disable printk_deferred_{enter,exit} in RT kernel (Waiman Long) [RHEL-80292]
- workqueue: Make show_pwq() use run-length encoding (Waiman Long) [RHEL-80292]
- workqueue: Introduce show_one_worker_pool and show_one_workqueue. (Waiman Long) [RHEL-80292]
- workqueue: fix state-dump console deadlock (Waiman Long) [RHEL-80292]

Thu Jul 17 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.63.1.el8_10]

- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66324] {CVE-2024-50154}
- net: ch9200: fix uninitialised access during mii_nway_restart (CKI Backport Bot) [RHEL-101200] {CVE-2025-38086}
- mm/swapfile: add cond_resched() in get_swap_pages() (Nico Pache) [RHEL-80401] {CVE-2023-52932}
- dlm: fix possible lkb_resource null dereference (Alexander Aring) [RHEL-64452]
- fs: dlm: handle -EINVAL as log_error() (Alexander Aring) [RHEL-64452]
- redhat/configs: enable CONFIG_RH_KABI_STABLE_ASM_OFFSETS (Čestmír Kalina) [RHEL-90099]
- kabi: freeze stablelist and stackprotector-related constants (Čestmír Kalina) [RHEL-90099]
- kabi: add redhat/kabi/asm-offsets (Čestmír Kalina) [RHEL-90099]
- kabi: add RH_KABI_ASSERT_EQ_CONST{,EXPR} (Čestmír Kalina) [RHEL-90099]

Thu Jul 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.62.1.el8_10]

- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand) [RHEL-87557]
- mm/slab: make __free(kfree) accept error pointers (Mark Langsdorf) [RHEL-84410]
- driver core: fix potential NULL pointer dereference in dev_uevent() (Mark Langsdorf) [RHEL-84410]
- driver core: introduce device_set_driver() helper (Mark Langsdorf) [RHEL-84410]
- Revert "drivers: core: synchronize really_probe() and dev_uevent()" (Mark Langsdorf) [RHEL-84410]
- cleanup: Add conditional guard helper (Mark Langsdorf) [RHEL-84410]
- cleanup: Adjust scoped_guard() macros to avoid potential warning (Mark Langsdorf) [RHEL-84410]
- cleanup: Remove address space of returned pointer (Mark Langsdorf) [RHEL-84410]
- cleanup: Add usage and style documentation (Mark Langsdorf) [RHEL-84410]
- file: add take_fd() cleanup helper (Mark Langsdorf) [RHEL-84410]
- cleanup: Standardize the header guard define's name (Mark Langsdorf) [RHEL-84410]
- cleanup: Add conditional guard support (Mark Langsdorf) [RHEL-84410]
- cleanup: Make no_free_ptr() __must_check (Mark Langsdorf) [RHEL-84410]
- locking: Introduce __cleanup() based infrastructure (Mark Langsdorf) [RHEL-84410]
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CKI Backport Bot) [RHEL-100343] {CVE-2022-49788}
- media: uvcvideo: Announce the user our deprecation intentions (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Allow changing noparam on the fly (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Invert default value for nodrop module param (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Propagate buf->error to userspace (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Flush the control cache when we get an event (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Annotate lock requirements for uvc_ctrl_set (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Remove dangling pointers (Desnes Nunes) [RHEL-98760] {CVE-2024-58002}
- media: uvcvideo: Remove redundant NULL assignment (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Only save async fh if success (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Refactor iterators (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Fix double free in error path (CKI Backport Bot) [RHEL-98788] {CVE-2024-57980}
- cifs: potential buffer overflow in handling symlinks (Paulo Alcantara) [RHEL-97074] {CVE-2022-49058}
- Race between reading mdstat and stopping an md device (Nigel Croxon) [RHEL-95723]
- fs/dcache: Control # of dentries in list_lru_node (Waiman Long) [RHEL-8578]
- fs/dcache: Add sysctl parameter dentry-fs-klimit to control # of dentries in filesystem (Waiman Long) [RHEL-8578]
- mm/list_lru: Make list_lru_add() return # if items in affected list_lru_node (Waiman Long) [RHEL-8578]